PCI In the Cloud

ExoIS and Rapid 7 sponsor a panel discussion on the growing overlap between payment card infrastructure technology and cloud computing. From the event description:

“In this interesting panel discussion the panelists and moderator will discuss the following items:

– Who is responsible for PCI compliance in the cloud? The provider or the customer?
– How can merchants effectively collaborate with the QSA community?
– How can the risk of business users bypassing standard IT controls be addressed?
– How do you scope your assessment?
– How must assessment tools and techniques adapt?
– How do you migrate a PCI environment to the cloud? What should be considered? What pre-existing checklists/guidance is available?
– How is the PCI Data Security Standard adapting to recognize these different needs?
– What trends do the card brands predict as more companies move their credit card data into the cloud?
– What questions should you ask your provider before signing up?
– What contractual requirements should be requested?
– What do breach trends say about the cloud?
– What is the experience from organizations using Data Tokenization? What is the guidance on tokenization from the PCI Council, analysts and card brands like Visa?

Panelists:

Dr. Anton Chuvakin, Vice President, Business Development and Marketing, ExoIS Inc
Chad Loder, Vice Present Security Solutions, Rapid7
Eduardo Perez, Head of Global Payment System Risk, Visa Inc.
Hemma Prafullchandra, CTO, Hytrust
Ulf Mattsson, CTO, Protegrity”

Information and registration here.